Case Overview

| | |

|---|---|

| Article Type | Roundup |

| Vertical | Privacy, Data & TCPA |

| Cases Covered | 5 |

| Date Published | March 2026 |

Privacy & Data Class Action Roundup: March 2026

From tracking pixels on news websites to cellphone surveillance by insurance giants, privacy-related class action litigation is moving on several fronts this month. According to a recent settlement report published by Top Class Actions, at least one major settlement is now open for claims — and several lawsuits are working their way through the courts. Here's what consumers need to know in March 2026.

1. Los Angeles Times Website Tracker Settlement

Settlement Amount: $3.85 million

Claim Deadline: Check the settlement website for the current deadline

Who May Qualify: California residents who visited the Los Angeles Times website while logged in or with identifiable data collected via third-party trackers

The Los Angeles Times has agreed to pay $3.85 million to resolve allegations that it violated California privacy laws by using website tracking technologies to collect personal data from visitors without their knowledge or consent. According to the complaint, third-party trackers embedded on the site gathered user information that was then shared with outside parties — all without proper disclosure or authorization under California law.

The settlement does not constitute an admission of wrongdoing by the Los Angeles Times.

How to claim: Visit the official settlement administrator's website to determine eligibility and submit a claim. Proof requirements and payout amounts per claimant have not yet been finalized and may depend on the number of valid claims submitted.

2. General Physician, P.C. Data Breach Settlement

Settlement Amount: $2.5 million

Who May Qualify: Patients of General Physician, P.C. whose personal or medical information was compromised in the data breach

General Physician, P.C., a medical group serving patients in Western New York, has agreed to pay $2.5 million to resolve class action litigation stemming from a data breach that allegedly exposed sensitive patient information. According to reporting from The HIPAA Journal, the settlement follows claims that the practice failed to adequately protect patient records, which may have included protected health information covered under HIPAA.

The types of data potentially exposed and the number of affected individuals have not been fully detailed in publicly available summaries, but medical data breaches of this nature typically involve names, dates of birth, Social Security numbers, and treatment records. Affected patients who receive a notice of eligibility may be entitled to submit a claim for a portion of the settlement fund.

How to claim: Eligible class members should watch for a formal class notice via mail or email. Settlement details, including the claims process and deadline, are expected to be made available through a dedicated settlement website.

3. Allstate Cellphone Tracking Lawsuit Cleared to Proceed

Case Status: Active litigation — no settlement at this time

Who May Be Affected: Drivers whose cellphone data was allegedly collected without consent and used to affect their insurance premiums or coverage

A federal judge has allowed a privacy lawsuit against Allstate to move forward, according to multiple legal news outlets. The lawsuit alleges that the home and auto insurer secretly tracked drivers through their cellphones without consent, then used that location and driving behavior data to raise premiums, deny coverage, or sell the information to other insurance companies.

U.S. District Judge Jeremy Daniel in Chicago ruled on Tuesday that drivers in the putative class may proceed with their claims, according to reports. The lawsuit alleges that this covert data collection violated state and federal privacy laws.

Allstate has not been found liable, and the case remains in early litigation stages. No settlement has been reached.

What to watch: If you are an Allstate policyholder and believe your driving data was collected through a third-party app without your explicit knowledge, this case may be worth monitoring as it progresses.

4. Marquis v. SonicWall — Breach Blame Shifts to Security Vendor

Case Status: Active litigation — no settlement at this time

Who May Be Affected: Customers of the FinTech company affected by the breach that is alleged to have originated through a SonicWall firewall vulnerability

A lawsuit raising novel questions about third-party cybersecurity vendor liability is working its way through the courts. In Marquis v. SonicWall, a FinTech company's customers have filed claims alleging that a data breach occurred not because of the company's own negligence, but because of vulnerabilities in the SonicWall firewall product the company relied on for network security.

The case asks a significant legal question: when a company is breached through a third-party security vendor's product, who bears responsibility to affected consumers? The complaint, according to case summaries, alleges that SonicWall knew or should have known about vulnerabilities in its product that left client networks exposed.

The lawsuit is being watched by the cybersecurity and legal communities alike, as its outcome could shape how liability is assigned in supply-chain and vendor-related breach cases going forward.

What to watch: Affected individuals from the underlying FinTech breach may wish to consult with an attorney to understand their options as this case develops.

5. Insurance Brokerage Firm Faces TCPA Class Action Over Unsolicited Calls

Case Status: Active litigation — no settlement at this time

Who May Be Affected: Individuals who allegedly received unsolicited calls or texts from the unnamed insurance brokerage firm without prior express consent

An insurance brokerage company has been hit with a class action lawsuit alleging violations of the Telephone Consumer Protection Act (TCPA), according to TCPAWorld. The complaint alleges that the firm contacted consumers via phone without obtaining the required prior express written consent, potentially exposing it to statutory damages of $500 to $1,500 per violation.

The TCPA prohibits companies from using autodialers or prerecorded messages to contact consumers who have not given consent. Class actions under the TCPA can aggregate thousands or even millions of individual violations, making them among the most financially significant consumer protection cases in federal courts.

The identity of the brokerage firm and the full scope of the alleged calling campaign have not yet been publicly disclosed in available summaries.

What to watch: Consumers who believe they received unsolicited insurance-related calls or texts from a brokerage may want to document those communications and consult with a consumer protection attorney about their options under the TCPA.

Key Takeaways

• Two settlements are currently open or approaching resolution — the Los Angeles Times tracker case and the General Physician data breach — and affected individuals should act promptly, as claim deadlines can pass without further notice.
• Medical and health-related entities continue to be frequent defendants in data privacy litigation, given the sensitivity of the information they hold and the regulatory requirements under HIPAA.
• Insurance companies are facing pressure on multiple fronts — both for alleged covert data collection (Allstate) and for unsolicited marketing calls (the unnamed brokerage) — suggesting heightened scrutiny of the industry's data practices.
• Third-party vendor liability is an emerging legal frontier. The SonicWall case illustrates a growing trend of breach victims looking beyond the directly breached company to hold upstream technology providers accountable.
• Data breach and TCPA settlements typically do not require proof of harm — only proof of membership in the class, such as being a customer, patient, or phone number holder during the relevant period.

Have you filed a claim in any of these settlements, or received a class action notice recently? Share your experience in the comments below.

InjuryClaims.com reports on class action lawsuits and settlements as a news service. Nothing in this article constitutes legal advice. Eligibility for any settlement or lawsuit can only be determined by a qualified attorney.